[PATCH:xorg-docs] Release Notes: Add note on grab debugging keystrokes in Xorg 1.11 & later
Peter Hutterer
peter.hutterer at who-t.net
Wed Apr 11 17:13:50 PDT 2012
On Fri, Mar 30, 2012 at 08:45:06PM -0700, Alan Coopersmith wrote:
> Includes warning of security risks, especially when xkeyboard-config < 2.5
> is used.
>
> Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer at who-t.net>
Cheers,
Peter
> ---
> general/ReleaseNotes.xml | 50 ++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 50 insertions(+)
>
> diff --git a/general/ReleaseNotes.xml b/general/ReleaseNotes.xml
> index ccf0ab5..a02a75e 100644
> --- a/general/ReleaseNotes.xml
> +++ b/general/ReleaseNotes.xml
> @@ -772,6 +772,56 @@ The next section describes what is new in the latest version
> </para>
> </sect3>
>
> +<sect3 id='Grab_debugging_keystrokes'>
> + <title>Grab debugging keystrokes</title>
> +
> + <para>
> + The Xorg server in this release provides various functions
> + that can be mapped to keystrokes to aid in the debugging of
> + programs with errant input grabs.
> + </para>
> +
> + <para>
> + The keysyms <keysym>XF86LogGrabInfo</keysym> and
> + <keysym>XF86LogWindowTree</keysym> are defined to
> + print information to the Xorg log file on the current set
> + of input grabs, and the window tree of the current display.
> + By default, these are available for use, but not mapped to any key.
> + </para>
> + <para>
> + The keysym <keysym>XF86Ungrab</keysym> forces the X server
> + to release all active grabs, which may leave the clients holding
> + them in an inconsistent state. <keysym>XF86ClearGrab</keysym>
> + goes further, killing the client connection of any client holding
> + an active grab when it is pressed. These keystrokes are
> + intended to allow developers to debug clients which are not
> + properly releasing grabs or have problems occur while input is
> + grabbed. Since grabs are a fundamental part of the X
> + client security model, these keystrokes come with risks, such
> + as the ability to bypass or kill screen locks without knowing
> + the password, and thus are not available by default.
> + </para>
> + <para>
> + Users who are willing to accept the security risk and wish to enable
> + this functionality may do so via the XKB configuration option
> + “<option>grab:break_actions</option>”.
> + </para>
> + <warning>
> + <title>Security issue in older xkeyboard-config releases</title>
> + <para>
> + The xkeyboard-config data files included in this release have
> + the grab disabling keys correctly disabled by default, but
> + versions before xkeyboard-config 2.5 had them enabled, leading
> + to the security risk described above. When upgrading to the
> + X server in this release be sure to also ensure xkeyboard-config
> + is a safe version. More details about this issue may be found
> + in <ulink
> +url="http://who-t.blogspot.com/2012/01/xkb-breaking-grabs-cve-2012-0064.html"
> + >advisories for CVE-2012-0064</ulink>.
> + </para>
> + </warning>
> + </sect3>
> +
>
> <sect3 id='X_Server_startup_state'>
> <title>X Server startup state</title>
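Review bot: In the <warning> paragraph, "be sure to also ensure xkeyboard-config is a safe version" leaves the reader to work out which versions are safe. The previous sentence already says versions before 2.5 had the keys enabled, so name the threshold directly, for example "be sure to also upgrade xkeyboard-config to version 2.5 or later". The paragraph that introduces "grab:break_actions" names the option but not where XKB options are set, so a brief pointer there would help users who do want to enable the keys. Minor style points: the option is wrapped in typographic quotes around <option>, where plain markup would be more consistent with the rest of the section, and the added blank line at the end of the hunk leaves two blank lines before the next <sect3>.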
> --
> 1.7.9.2
>